From 1a39754fe9cdcfe10c287fa005520a0ced0b1ed1 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 22 Nov 2022 11:38:24 +0100 Subject: [PATCH] *: don't return values in test suites Signed-off-by: Jens Langhammer --- authentik/sources/saml/processors/response.py | 4 +- .../authenticator_validate/tests/test_totp.py | 44 ++++++++++++++++--- authentik/stages/prompt/tests.py | 19 +++++--- 3 files changed, 55 insertions(+), 12 deletions(-) diff --git a/authentik/sources/saml/processors/response.py b/authentik/sources/saml/processors/response.py index 173b4b070..2c809858e 100644 --- a/authentik/sources/saml/processors/response.py +++ b/authentik/sources/saml/processors/response.py @@ -202,10 +202,10 @@ class ResponseProcessor: """Get all attributes sent""" attributes = {} assertion = self._root.find(f"{{{NS_SAML_ASSERTION}}}Assertion") - if not assertion: + if assertion is None: raise ValueError("Assertion element not found") attribute_statement = assertion.find(f"{{{NS_SAML_ASSERTION}}}AttributeStatement") - if not attribute_statement: + if attribute_statement is None: raise ValueError("Attribute statement element not found") # Get all attributes and their values into a dict for attribute in attribute_statement.iterchildren(): diff --git a/authentik/stages/authenticator_validate/tests/test_totp.py b/authentik/stages/authenticator_validate/tests/test_totp.py index 5dafaa576..10250fcaa 100644 --- a/authentik/stages/authenticator_validate/tests/test_totp.py +++ b/authentik/stages/authenticator_validate/tests/test_totp.py @@ -1,7 +1,6 @@ """Test validator stage""" from datetime import datetime, timedelta from hashlib import sha256 -from http.cookies import SimpleCookie from time import sleep from django.conf import settings 
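Review bot: The two `is None` checks in `get_attributes` (the response.py hunk) change production SAML response parsing, yet the commit subject only mentions test suites and no test in this patch covers the new behaviour. Element truthiness reflects the number of children, so the old `if not attribute_statement:` also rejected an `AttributeStatement` that is present but empty. With the new check that case reaches the `iterchildren()` loop and presumably produces an empty attribute dict, so it is worth confirming that callers tolerate this and adding a test with an empty `AttributeStatement`. I would also put `# Elements without children are falsy, so compare against None explicitly` above the first check, so it is not simplified back later. The method starts and ends outside the hunk.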
@@ -76,7 +75,7 @@ class AuthenticatorValidateStageTOTPTests(FlowTestCase): component="ak-stage-authenticator-validate", ) - def test_last_auth_threshold_valid(self) -> SimpleCookie: + def test_last_auth_threshold_valid(self): """Test last_auth_threshold""" ident_stage = IdentificationStage.objects.create( name=generate_id(), 
@@ -115,12 +114,47 @@ class AuthenticatorValidateStageTOTPTests(FlowTestCase): ) self.assertIn(COOKIE_NAME_MFA, response.cookies) self.assertStageResponse(response, component="xak-flow-redirect", to="/") - return response.cookies def test_last_auth_skip(self): """Test valid cookie""" - cookies = self.test_last_auth_threshold_valid() - mfa_cookie = cookies[COOKIE_NAME_MFA] + ident_stage = IdentificationStage.objects.create( + name=generate_id(), + user_fields=[ + UserFields.USERNAME, + ], + ) + device: TOTPDevice = TOTPDevice.objects.create( + user=self.user, + confirmed=True, + ) + stage = AuthenticatorValidateStage.objects.create( + name=generate_id(), + last_auth_threshold="hours=1", + not_configured_action=NotConfiguredAction.CONFIGURE, + device_classes=[DeviceClasses.TOTP], + ) + stage.configuration_stages.set([ident_stage]) + FlowStageBinding.objects.create(target=self.flow, stage=ident_stage, order=0) + FlowStageBinding.objects.create(target=self.flow, stage=stage, order=1) + + response = self.client.post( + reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}), + {"uid_field": self.user.username}, + ) + self.assertEqual(response.status_code, 302) + response = self.client.get( + reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}), + ) + # Verify token once here to set last_t etc + totp = TOTP(device.bin_key) + sleep(1) + response = self.client.post( + reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}), + {"code": str(totp.token())}, + ) + self.assertIn(COOKIE_NAME_MFA, response.cookies) + self.assertStageResponse(response, component="xak-flow-redirect", to="/") + mfa_cookie = response.cookies[COOKIE_NAME_MFA] self.client.logout() self.client.cookies[COOKIE_NAME_MFA] = mfa_cookie response = self.client.post( diff --git a/authentik/stages/prompt/tests.py b/authentik/stages/prompt/tests.py index ab7956351..ee57f125c 100644 --- a/authentik/stages/prompt/tests.py 
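Review bot: `test_last_auth_skip` now carries a verbatim copy of the stage setup and TOTP login sequence from `test_last_auth_threshold_valid`, so the two tests can drift apart while both still pass. A helper without the `test_` prefix is not collected by the runner and may return the response, which keeps the commit's goal of tests returning nothing without duplicating the flow. The same duplication appears in the `@@ -173,7 +171,18 @@` hunk of authentik/stages/prompt/tests.py, where the inlined block also rebinds `plan` after it was already stored in the session. `test_last_auth_skip` continues past the end of this hunk.

```python
    def _login_with_totp(self):
        """Complete identification and TOTP validation once and return the final response."""
        # … unchanged: stage/device creation, flow bindings, executor requests, TOTP post and assertions …
        return response

    def test_last_auth_threshold_valid(self):
        """Test last_auth_threshold"""
        self._login_with_totp()

    def test_last_auth_skip(self):
        """Test valid cookie"""
        mfa_cookie = self._login_with_totp().cookies[COOKIE_NAME_MFA]
        # … unchanged: logout, cookie replay and the assertions that follow …
```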
+++ b/authentik/stages/prompt/tests.py @@ -137,7 +137,7 @@ class TestPromptStage(FlowTestCase): self.assertIn(prompt.label, response.content.decode()) self.assertIn(prompt.placeholder, response.content.decode()) - def test_valid_challenge_with_policy(self) -> PromptChallengeResponse: + def test_valid_challenge_with_policy(self): """Test challenge_response validation""" plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) expr = ( @@ -151,9 +151,8 @@ class TestPromptStage(FlowTestCase): None, stage=self.stage, plan=plan, data=self.prompt_data ) self.assertEqual(challenge_response.is_valid(), True) - return challenge_response - def test_invalid_challenge(self) -> PromptChallengeResponse: + def test_invalid_challenge(self): """Test challenge_response validation""" plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) expr = "False" @@ -164,7 +163,6 @@ class TestPromptStage(FlowTestCase): None, stage=self.stage, plan=plan, data=self.prompt_data ) self.assertEqual(challenge_response.is_valid(), False) - return challenge_response def test_valid_challenge_request(self): """Test a request with valid challenge_response data""" 
@@ -173,7 +171,18 @@ class TestPromptStage(FlowTestCase): session[SESSION_KEY_PLAN] = plan session.save() - challenge_response = self.test_valid_challenge_with_policy() + plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) + expr = ( + "return request.context['prompt_data']['password_prompt'] " + "== request.context['prompt_data']['password2_prompt']" + ) + expr_policy = ExpressionPolicy.objects.create(name="validate-form", expression=expr) + self.stage.validation_policies.set([expr_policy]) + self.stage.save() + challenge_response = PromptChallengeResponse( + None, stage=self.stage, plan=plan, data=self.prompt_data + ) + self.assertEqual(challenge_response.is_valid(), True) with patch("authentik.flows.views.executor.FlowExecutorView.cancel", MagicMock()): response = self.client.post(